Issue
-
This article presents an overview of the best practices for configuring Remoting Agents for CloudBees CI.
Resolution
Agent Daemonization
First, review the product documentation for Setting up agents on CloudBees CI, Connecting inbound agents, and Managing agents.
To setup SSH connected agents, follow How to Connect to Remote SSH Agents?.
To install Windows agents as a service, follow How to install Windows agents as a service?.
Number of executors
The number of executors on the controller and operations center built-in node should always be set to 0.
This is because executors on the built-in node have full read and write access to the JENKINS_HOME, so could modify/delete any file in the instance, reconfigure administrative settings, or cause a security incident by running arbitrary code. Building jobs on the built-in node can also cause performance issues on the instance.
You can enforce this setting from the Operations Center by going to <operations_center_url>/configureSecurity/ and enabling enforce in the Connected controller on-controller executors section.
For all other build agents use 1 executor on each agent as a general recommendation.
If you are considering using multiple executor slots, ensure that you have designed your jobs to not overwhelm the build agent and cause build times to be impacted (for example, if you encounter a bottleneck with CPU, disk I/O, RAM, etc). One way to avoid bottlenecks is to split up the machine that is running an agent with 20 executors, into 20 virtual machines, each running one executor each. That would ensure that a consistent amount of CPU/RAM/disk would be available to any build that runs on that agent, and generally (though it depends on the specific settings you used on your virtualization software) your build times would be consistent.
Setting the executor count on an agent to a value too high could cause builds on that agent to behave in an unexpected way when the machine is overloaded (taking longer than normal, OutOfMemory exceptions, too many open files).
Agents Monitoring
Agent remoting and JVM versions
Versions Node Monitors plugin offers two Node Monitors: one for the version of the Remoting version, and one for the JVM version. This helps be aware and possibility automatically disconnect agents that don’t comply to configuration and avoid issues.
| The Versions Node Monitors plugin as of December 2024 is a community plugin as per CloudBees plugin support policies |
Agents executing builds from more than one controller
If you have specialized hardware and not enough of it to have one for each controller, this would be a use case for Shared Agents or Shared Cloud managed by operations center.